> TritonInfoSec News
Home / May 24, 2026 / Story
0
#9 CyberScoop general May 22, 2026 at 20:41 UTC

FBI warns about fast-growing phishing kit targeting Microsoft 365 users

By Matt Kapko

AI Summary

The FBI issued an advisory warning about Kali365, a Telegram-based phishing-as-a-service kit first observed in April 2026 that abuses legitimate Microsoft OAuth device authorization flows to capture persistent tokens granting access to Microsoft 365 environments. The service enables cybercriminals without technical expertise to bypass MFA by hijacking OAuth sessions rather than stealing passwords directly. M365 administrators should review conditional access policies and monitor for suspicious device authorization requests.

Read full article → https://cyberscoop.com/fbi-phishing-kali365-micros…

Relevance score: 77.0/100

# More from May 24

  1. 1
    LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root The Hacker News
  2. 2
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV The Hacker News
  3. 3
    A hacker group is poisoning open source code at an unprecedented scale Ars Technica Security
  4. 4
    Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack SecurityWeek
  5. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  6. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  7. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  8. 8
    CISA Security Leak Schneier on Security
  9. 10
    China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts. Dark Reading